Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
89s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system -
submitted
29/09/2022, 02:31
Behavioral task
behavioral1
Sample
a4babb0e052f972640a840da092cc2b70544f04eb6d3c5fb0699747093c85cb1.exe
Resource
win10v2004-20220901-en
Behavioral task
behavioral2
Sample
out.exe
Resource
win10v2004-20220812-en
General
-
Target
a4babb0e052f972640a840da092cc2b70544f04eb6d3c5fb0699747093c85cb1.exe
-
Size
2.4MB
-
MD5
ee577c6818e4c4fdfac6221a7678453e
-
SHA1
39b172bc8d5f47e512e0ba90f70ce21661618273
-
SHA256
a4babb0e052f972640a840da092cc2b70544f04eb6d3c5fb0699747093c85cb1
-
SHA512
935d466a1de6d03ed5f8287bae32b52d86451c83a1d1d88cc99951d9b8f475b152fc07763d705417faf7386d1327cc033490bbb6a183d13f34a2adb3b7ddf198
-
SSDEEP
49152:dRkVU7z3NhvRaZhTm6mxd2YYglcAxRXK/poKGheD7YJ4zSreZMn2j+w2D:dPv3z6hTN/YYETxhK/WKGheD7YJ4zKey
Malware Config
Signatures
-
joker
Joker is an Android malware that targets billing and SMS fraud.
-
resource yara_rule behavioral1/memory/3464-132-0x0000000000400000-0x0000000000718000-memory.dmp detect_ak_stuff behavioral1/memory/3464-133-0x0000000000400000-0x0000000000718000-memory.dmp detect_ak_stuff -
resource yara_rule behavioral1/memory/3464-132-0x0000000000400000-0x0000000000718000-memory.dmp upx behavioral1/memory/3464-133-0x0000000000400000-0x0000000000718000-memory.dmp upx -
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.
description flow ioc HTTP User-Agent header 33 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 3464 a4babb0e052f972640a840da092cc2b70544f04eb6d3c5fb0699747093c85cb1.exe 3464 a4babb0e052f972640a840da092cc2b70544f04eb6d3c5fb0699747093c85cb1.exe